In 2018, the IRS noted a 60% increase in email-based scams related to money and tax data. Scammers know that there is big money to be had, either by preying on the fear taxpayers may have for audits and filing mistakes or by hacking into businesses who host tax-related data. While it is difficult to stop these schemes before they hit your mail, some basic education can help keep you from becoming their next victim this tax season. There is one vital fact to keep in mind: The IRS does not communicate important information with taxpayers via email, text, or social media. Here are the other facts you need to know about IRS email scams and how to avoid them.
Phishing, tax refund scams, malware, and other suspicious email attacks
The simplest form of scam is a phishing email. This sounds exactly like what it is — an email sent for the purpose of “fishing” for sensitive information. The messages may look official, with actual business logos and URLs that seem legitimate. Often these types of messages link to a website that also appears to be authentic. They ask you to log in, and when you do, your information is captured and transmitted to the scammer. Some IRS phishing messages may ask you to reply with specific information, such as a portion of your social security number.
Malware emails often include a link or an attachment that can end up infecting your computer, and ultimately siphoning information from it. They may claim to be sending information about an audit, or a proof of a mistake in a tax return. When you click it, the link installs a bit of code that gives the sender access to your computer.
These messages often include highly urgent requests, such as suggesting that you have been overpaid for a tax refund and must wire the overage back to avoid prosecution.
Here’s how to avoid IRS refund scams and other phishing and malware scams:
- Do not click on links in any email messages. If you receive a priority message from a trusted business source, type the URL directly into your browser. This will eliminate your risk of ending up on a fake site. Don’t open attachments from unexpected sources.
- Be suspicious of any email asking for information connected to your identity. Legitimate businesses and government offices typically do not do business in this manner.
- When entering information online, ensure that you are always accessing a secure website. (Hint: check that the URL begins with “https.) Legitimate sites will use a secure website.
- Never use free/public WiFi to log into sensitive sites (like your bank account) or to conduct sensitive activities (like shopping online). An open connection could allow someone to see the information you’re transmitting.
- Ensure that your home Internet connection and all your WiFi-enabled devices are secure. Use up-to-date virus protection software. Your connection should be password-protected with a firewall. Xfinity xFi Advanced Security can help you protect everything that connects to your home network and can send you notifications when issues arise.
IRS W-2 scam and other sophisticated attacks
As schemes get more complex, they also become more convincing and difficult to avoid. One scam that has risen in popularity allows potential thieves to “spoof” (mimic) a corporate email address. Posting as a member of management in your company, they make an official request for a funds transfer, or for information such as copies of your W-2. Once they receive the W-2 information, they can submit tax returns in your name, or simply sell the information to the highest bidder.
The requests seem legitimate and often target payroll employees who may not be versed in recognizing online scams.
Here's how to avoid these advanced attacks in the workplace:
- Steer clear of the phishing and malware scams mentioned above to help keep scammers out of your network. This is the first line of defense.
- Follow-up on original requests with a separate phone call or an email directly to the person requesting the information (don’t simply click “reply”).
- Inquire with your workplace about what protections are in place to educate employees with access to sensitive information about how scams work.
- Create policies about the electronic transfer of this type of data to avoid potential scams.
- Work with IT to scan your network and machine for viruses and malware.
Online IRS-related scammers become savvier all the time. However, you can stay one step ahead of them by educating yourself on current tax scams, as well as by securing your computer and network with the protection Xfinity xFi offers. Take the time to share your knowledge on these scams with family, friends, and co-workers who may not be aware of the dangers.